Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits
UnitedHealth CEO Andrew Witty told the Senate Finance Committee that systems have been rebuilt “from scratch” in light of the oversight.
Kaiser Permanente exposed data on 13.4 million members to tech companies
Tracking technologies sent patient information to advertisers such as Microsoft, Google and Meta.
Hackers were inside Change Healthcare’s systems 9 days before attack
UnitedHealth Group confirms hackers have personal data on “a substantial proportion of people in America."
Atrium Health sued for violating patient privacy, sharing data with Facebook and Google
In a court filing, the plaintiffs claim Atrium Health used Meta's Pixel code on its website, resulting in patients receiving targeted ads.
Massive data trove from Change Healthcare hack now for sale on dark web
Cybercriminal group RansomHub claims to have protected health information from nearly every American.

Healthcare providers, health plans accounted for most breaches, patient records exposed

Between 2010 and 2017, healthcare providers and health plans accounted for the most breaches and largest number of patient records compromised from breaches, according to a research letter published in JAMA.

September 26, 2018

UMass Memorial entities ordered to pay $230K fine for data breaches

The Massachusetts Office of the Attorney General announced on Thursday, Sept. 20, that UMass Memorial Medical Group, Inc. and UMass Memorial Medical Center, Inc. have been ordered to pay $230,000 following two separate data breaches that exposed the personal health information of more than 15,000 people.

September 25, 2018

Boston hospitals fined nearly $1M for potential HIPAA violations

The federal government has fined three Boston hospitals nearly $1 million for potential HIPAA violations regarding a documentary series.

September 21, 2018

Pennsylvania health insurance company warns of security breach

A Pennsylvania health insurance company issued a notice following a security incident that exposed the private health information of some members.

September 20, 2018

ER worker allegedly stole, sold patient records through encrypted phone app

A Brooklyn hospital emergency room worker is being accused of stealing private patient records and selling them through an encrypted phone application, according to a report by the New York Daily News.

September 17, 2018

40K notified after ransomware attack on Fetal Diagnostic Institute

The Fetal Diagnostic Institute of the Pacific in Honolulu issued a public notice following a ransomware attack that potentially exposed the healthcare data of 40,800 people.

September 14, 2018

FDA aims to strengthen cybersecurity of medical devices

The Food and Drug Administration (FDA) is working to strengthen the cybersecurity of medical devices in the wake of computer-hacking threats, according to a report by the Star Tribune.

September 12, 2018

Health information of nearly 20K children exposed in mailing error

The personal health information of nearly 20,000 children was exposed after a mailing error, according to a report by the Kansas City Star.

September 6, 2018

Around the web

AI in Healthcare

Biden Administration itemizes AI accomplishments to date

Half a year after President Biden officially directed federal agencies in the executive branch’s bailiwick to “seize the promise and manage the risks” of AI, the White House has posted a status report.

Cardiovascular Business

‘Concerning’ data connect industry payments to cardiologists with medical device use

U.S. physicians often receive payments from medical device manufacturers and pharmaceutical companies. New research in JAMA found a connection between receiving such payments and using specific devices—should the industry be concerned?

Cardiovascular Business

Cardiology groups share key update: ABMS seeking feedback on proposed Board of Cardiovascular Medicine

Five of the largest U.S. medical societies focused on cardiovascular health are one step closer to seeing their paradigm-shifting proposal become a reality.

Cybersecurity

Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits

Kaiser Permanente exposed data on 13.4 million members to tech companies

Hackers were inside Change Healthcare’s systems 9 days before attack

Atrium Health sued for violating patient privacy, sharing data with Facebook and Google

Massive data trove from Change Healthcare hack now for sale on dark web

Around the web